From beeb91dd2aaf60ab47ddaf9d94331845b344e67f Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Tue, 26 Aug 2025 13:42:55 +0200
Subject: [PATCH 1/8] C#: Add some XmlDictionaryReader models.

---
 csharp/ql/lib/ext/System.Xml.model.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/csharp/ql/lib/ext/System.Xml.model.yml b/csharp/ql/lib/ext/System.Xml.model.yml
index efea34b40dbe..00fe136a98f1 100644
--- a/csharp/ql/lib/ext/System.Xml.model.yml
+++ b/csharp/ql/lib/ext/System.Xml.model.yml
@@ -23,6 +23,17 @@ extensions:
       - ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[3]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlDictionaryReader", False, "CreateBinaryReader", "(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlDictionaryReader", False, "CreateTextReader", "(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", False, "CreateTextReader", "(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", False, "CreateTextReader", "(System.Byte[],System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0].Element", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", False, "CreateTextReader", "(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", False, "CreateTextReader", "(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBase64", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint",  "manual"]
+      - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsChars", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", True, "ReadElementContentAsBase64", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlDictionaryReader", True, "ReadElementContentAsBinHex", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlDocument", False, "Load", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.Xml", "XmlDocument", False, "Load", "(System.IO.TextReader)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.Xml", "XmlDocument", False, "Load", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]

From 1d35bd1a59cbd52989b71cf2ff7731cf49de6806 Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Tue, 26 Aug 2025 13:49:57 +0200
Subject: [PATCH 2/8] C#: Update expected test output.

---
 .../dataflow/library/FlowSummaries.expected       | 15 +++++++++++++--
 .../library/FlowSummariesFiltered.expected        | 15 +++++++++++++--
 2 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
index a87c1fea3757..bcd179baaf8f 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -20882,14 +20882,23 @@ summary
 | System.Xml;XmlDictionaryReader;CreateDictionaryReader;(System.Xml.XmlReader);Argument[0];ReturnValue;value;dfc-generated |
 | System.Xml;XmlDictionaryReader;CreateMtomReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[7];Argument[7].Parameter[delegate-self];value;hq-generated |
 | System.Xml;XmlDictionaryReader;CreateMtomReader;(System.IO.Stream,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated |
-| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated |
-| System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[0].Element;ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[0];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;manual |
 | System.Xml;XmlDictionaryReader;GetAttribute;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[0];taint;df-generated |
 | System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[1];taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];Argument[1];taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlDictionaryReader;ReadContentAsBase64;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;ReadContentAsBinHex;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;ReadContentAsBinHex;(System.Int32);Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;ReadContentAsChars;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[0];taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[1];taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-generated |
@@ -20897,6 +20906,8 @@ summary
 | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.String[],System.Int32);Argument[0].Element;ReturnValue;value;dfc-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Xml.XmlDictionaryString[],System.Int32);Argument[0].Element.Property[System.Xml.XmlDictionaryString.Value];ReturnValue;value;dfc-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsUniqueId;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlDictionaryReader;ReadElementContentAsBase64;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;ReadElementContentAsBinHex;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlDictionaryReader;ReadElementContentAsString;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadElementContentAsUniqueId;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadString;();Argument[this];ReturnValue;taint;df-generated |
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
index ef56fb2f1e28..732da8be8d23 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
@@ -16210,17 +16210,28 @@
 | System.Xml;XmlDictionaryReader;CreateDictionaryReader;(System.Xml.XmlReader);Argument[0];ReturnValue;value;dfc-generated |
 | System.Xml;XmlDictionaryReader;CreateMtomReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[7];Argument[7].Parameter[delegate-self];value;hq-generated |
 | System.Xml;XmlDictionaryReader;CreateMtomReader;(System.IO.Stream,System.Text.Encoding[],System.String,System.Xml.XmlDictionaryReaderQuotas,System.Int32,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated |
-| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated |
-| System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[0].Element;ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[0];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[3];Argument[3].Parameter[delegate-self];value;manual |
+| System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas);Argument[0];ReturnValue;taint;manual |
 | System.Xml;XmlDictionaryReader;GetAttribute;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[0];taint;df-generated |
 | System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[1];taint;df-generated |
+| System.Xml;XmlDictionaryReader;ReadContentAsBase64;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;ReadContentAsBinHex;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;ReadContentAsBinHex;(System.Int32);Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;ReadContentAsChars;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[0];taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[1];taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.String[],System.Int32);Argument[0].Element;ReturnValue;value;dfc-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Xml.XmlDictionaryString[],System.Int32);Argument[0].Element.Property[System.Xml.XmlDictionaryString.Value];ReturnValue;value;dfc-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsUniqueId;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlDictionaryReader;ReadElementContentAsBase64;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlDictionaryReader;ReadElementContentAsBinHex;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlDictionaryReader;ReadElementContentAsUniqueId;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadString;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;get_Quotas;();Argument[this];ReturnValue;taint;df-generated |

From 8b2ebaa0471e560a5a3eec38ad188aaa6f932aa1 Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Wed, 27 Aug 2025 13:43:54 +0200
Subject: [PATCH 3/8] C#: Promote some generated- and refine models for
 XmlReader.

---
 csharp/ql/lib/ext/System.Xml.model.yml | 47 ++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)

diff --git a/csharp/ql/lib/ext/System.Xml.model.yml b/csharp/ql/lib/ext/System.Xml.model.yml
index 00fe136a98f1..75179decf600 100644
--- a/csharp/ql/lib/ext/System.Xml.model.yml
+++ b/csharp/ql/lib/ext/System.Xml.model.yml
@@ -79,3 +79,50 @@ extensions:
       - ["System.Xml", "XmlReader", False, "Create", "(System.String,System.Xml.XmlReaderSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlReader", False, "Create", "(System.String,System.Xml.XmlReaderSettings,System.Xml.XmlParserContext)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlReader", False, "Create", "(System.Xml.XmlReader,System.Xml.XmlReaderSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "GetAttribute", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "GetAttribute", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "GetAttribute", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "GetValueAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "LookupNamespace", "(System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAs", "(System.Type,System.Xml.IXmlNamespaceResolver)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsAsync", "(System.Type,System.Xml.IXmlNamespaceResolver)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsBase64", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsBase64Async", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsBinHex", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsBinHexAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsObject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsObjectAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadContentAsStringAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAs", "(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsAsync", "(System.Type,System.Xml.IXmlNamespaceResolver)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsBase64", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsBase64Async", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsBinHex", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsBinHexAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsObject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsObject", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementContentAsString", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementString", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadElementString", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadInnerXml", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadInnerXmlAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadOuterXml", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadOuterXmlAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadSubtree", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "ReadValueChunk", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadValueChunkAsync", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "get_BaseURI", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_Item", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_Item", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_Item", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_LocalName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_Name", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_NameTable", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_NamespaceURI", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_Prefix", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlReader", True, "get_SchemaInfo", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-manual"]
+      - ["System.Xml", "XmlReader", True, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]

From 8a480b6be1e0e79839d8745d8b05411e337ebde3 Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Wed, 27 Aug 2025 13:58:44 +0200
Subject: [PATCH 4/8] C#: Update test expected output.

---
 .../dataflow/library/FlowSummaries.expected   | 214 ++++++++----------
 .../library/FlowSummariesFiltered.expected    | 104 ++++-----
 2 files changed, 143 insertions(+), 175 deletions(-)

diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
index bcd179baaf8f..bf5972026bfb 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -20892,25 +20892,23 @@ summary
 | System.Xml;XmlDictionaryReader;GetAttribute;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[0];taint;df-generated |
 | System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[1];taint;df-generated |
-| System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];Argument[1];taint;df-generated |
-| System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlDictionaryReader;ReadContentAsBase64;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlDictionaryReader;ReadContentAsBinHex;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlDictionaryReader;ReadContentAsBinHex;(System.Int32);Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlDictionaryReader;ReadContentAsChars;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[0];taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[1];taint;df-generated |
-| System.Xml;XmlDictionaryReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlDictionaryReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.String[],System.Int32);Argument[0].Element;ReturnValue;value;dfc-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Xml.XmlDictionaryString[],System.Int32);Argument[0].Element.Property[System.Xml.XmlDictionaryString.Value];ReturnValue;value;dfc-generated |
 | System.Xml;XmlDictionaryReader;ReadContentAsUniqueId;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;ReadElementContentAsBase64;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlDictionaryReader;ReadElementContentAsBinHex;();Argument[this];ReturnValue;taint;manual |
-| System.Xml;XmlDictionaryReader;ReadElementContentAsString;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlDictionaryReader;ReadElementContentAsString;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlDictionaryReader;ReadElementContentAsUniqueId;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlDictionaryReader;ReadString;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlDictionaryReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlDictionaryReader;ReadString;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryReader;get_Quotas;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlDictionaryString;ToString;();Argument[this].SyntheticField[System.Xml.XmlDictionaryString._value];ReturnValue;value;dfc-generated |
@@ -21272,30 +21270,28 @@ summary
 | System.Xml;XmlNodeList;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual |
 | System.Xml;XmlNodeList;Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlNodeList;get_ItemOf;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlNodeReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlNodeReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlNodeReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlNodeReader;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlNodeReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated |
+| System.Xml;XmlNodeReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-manual |
 | System.Xml;XmlNodeReader;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlNodeReader;MoveToAttribute;(System.String);Argument[0];Argument[this];taint;df-generated |
-| System.Xml;XmlNodeReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlNodeReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlNodeReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlNodeReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlNodeReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;dfc-generated |
-| System.Xml;XmlNodeReader;ReadString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;ReadString;();Argument[this];ReturnValue;taint;dfc-generated |
+| System.Xml;XmlNodeReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlNodeReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlNodeReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlNodeReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlNodeReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlNodeReader;XmlNodeReader;(System.Xml.XmlNode);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlNodeReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;get_LocalName;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;get_Name;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;get_NameTable;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;get_Prefix;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;get_SchemaInfo;();Argument[this];ReturnValue;value;dfc-generated |
-| System.Xml;XmlNodeReader;get_Value;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlNodeReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlNodeReader;get_LocalName;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlNodeReader;get_Name;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlNodeReader;get_NameTable;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlNodeReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlNodeReader;get_Prefix;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlNodeReader;get_SchemaInfo;();Argument[this];ReturnValue;value;dfc-manual |
+| System.Xml;XmlNodeReader;get_Value;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlNodeReader;get_XmlLang;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlNotation;CloneNode;(System.Boolean);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlNotation;WriteContentTo;(System.Xml.XmlWriter);Argument[this];Argument[0];taint;df-generated |
@@ -21348,60 +21344,56 @@ summary
 | System.Xml;XmlReader;Create;(System.String,System.Xml.XmlReaderSettings);Argument[0];ReturnValue;taint;manual |
 | System.Xml;XmlReader;Create;(System.String,System.Xml.XmlReaderSettings,System.Xml.XmlParserContext);Argument[0];ReturnValue;taint;manual |
 | System.Xml;XmlReader;Create;(System.Xml.XmlReader,System.Xml.XmlReaderSettings);Argument[0];ReturnValue;taint;manual |
-| System.Xml;XmlReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;GetValueAsync;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated |
+| System.Xml;XmlReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;GetValueAsync;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-manual |
 | System.Xml;XmlReader;MoveToAttribute;(System.String);Argument[0];Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];Argument[1];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsBase64Async;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsBinHexAsync;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsObject;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsStringAsync;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadContentAsBase64Async;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadContentAsBinHexAsync;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadContentAsObject;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadContentAsObjectAsync;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadContentAsStringAsync;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
 | System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];Argument[1];taint;df-generated |
 | System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String);Argument[this];Argument[1];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsBase64Async;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsBinHexAsync;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsObject;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsObject;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsString;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementString;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementString;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadInnerXml;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadOuterXml;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadSubtree;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Item;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Item;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_LocalName;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Name;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_NameTable;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Prefix;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_SchemaInfo;();Argument[this];ReturnValue;value;dfc-generated |
+| System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsBase64Async;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsBinHexAsync;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsObject;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementContentAsObject;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementContentAsString;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementContentAsString;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementString;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementString;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementString;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadInnerXml;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadInnerXmlAsync;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlReader;ReadOuterXml;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadOuterXmlAsync;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadSubtree;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Item;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Item;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_LocalName;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Name;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_NameTable;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Prefix;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_SchemaInfo;();Argument[this];ReturnValue;value;dfc-manual |
 | System.Xml;XmlReader;get_Settings;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Value;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlReader;get_Value;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;get_XmlLang;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlReaderSettings;add_ValidationEventHandler;(System.Xml.Schema.ValidationEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
 | System.Xml;XmlReaderSettings;remove_ValidationEventHandler;(System.Xml.Schema.ValidationEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
@@ -21441,22 +21433,20 @@ summary
 | System.Xml;XmlText;get_ParentNode;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlText;get_PreviousText;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlText;get_Value;();Argument[this];ReturnValue;taint;manual |
-| System.Xml;XmlTextReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlTextReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlTextReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlTextReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlTextReader;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlTextReader;GetRemainder;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlTextReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated |
+| System.Xml;XmlTextReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-manual |
 | System.Xml;XmlTextReader;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlTextReader;MoveToAttribute;(System.String);Argument[0];Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;dfc-generated |
-| System.Xml;XmlTextReader;ReadString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;ReadString;();Argument[this];ReturnValue;taint;dfc-generated |
+| System.Xml;XmlTextReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.String);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];taint;dfc-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.Stream,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];value;dfc-generated |
@@ -21464,20 +21454,14 @@ summary
 | System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];taint;dfc-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._nameTable];value;dfc-generated |
-| System.Xml;XmlTextReader;get_BaseURI;();Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];ReturnValue;value;df-generated |
-| System.Xml;XmlTextReader;get_BaseURI;();Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];ReturnValue;value;dfc-generated |
-| System.Xml;XmlTextReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;get_BaseURI;();Argument[this];ReturnValue;taint;dfc-generated |
+| System.Xml;XmlTextReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlTextReader;get_Encoding;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;get_LocalName;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;get_Name;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;get_NameTable;();Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._nameTable];ReturnValue;value;df-generated |
-| System.Xml;XmlTextReader;get_NameTable;();Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._nameTable];ReturnValue;value;dfc-generated |
-| System.Xml;XmlTextReader;get_NameTable;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;get_NameTable;();Argument[this];ReturnValue;taint;dfc-generated |
-| System.Xml;XmlTextReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;get_Prefix;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;get_Value;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlTextReader;get_LocalName;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlTextReader;get_Name;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlTextReader;get_NameTable;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlTextReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlTextReader;get_Prefix;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlTextReader;get_Value;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlTextReader;get_XmlLang;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlTextReader;set_XmlResolver;(System.Xml.XmlResolver);Argument[0];Argument[this];taint;df-generated |
 | System.Xml;XmlTextWriter;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated |
@@ -21552,37 +21536,35 @@ summary
 | System.Xml;XmlUrlResolver;ResolveUri;(System.Uri,System.String);Argument[1];ReturnValue;taint;dfc-generated |
 | System.Xml;XmlUrlResolver;set_Credentials;(System.Net.ICredentials);Argument[0];Argument[this];taint;df-generated |
 | System.Xml;XmlUrlResolver;set_Proxy;(System.Net.IWebProxy);Argument[0];Argument[this];taint;df-generated |
-| System.Xml;XmlValidatingReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlValidatingReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlValidatingReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlValidatingReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlValidatingReader;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlValidatingReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated |
+| System.Xml;XmlValidatingReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-manual |
 | System.Xml;XmlValidatingReader;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlValidatingReader;MoveToAttribute;(System.String);Argument[0];Argument[this];taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;dfc-generated |
-| System.Xml;XmlValidatingReader;ReadString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadString;();Argument[this];ReturnValue;taint;dfc-generated |
+| System.Xml;XmlValidatingReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlValidatingReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlValidatingReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlValidatingReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlValidatingReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlValidatingReader;ReadTypedValue;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlValidatingReader;XmlValidatingReader;(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
 | System.Xml;XmlValidatingReader;XmlValidatingReader;(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
 | System.Xml;XmlValidatingReader;XmlValidatingReader;(System.Xml.XmlReader);Argument[0];Argument[this];taint;df-generated |
 | System.Xml;XmlValidatingReader;add_ValidationEventHandler;(System.Xml.Schema.ValidationEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
-| System.Xml;XmlValidatingReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlValidatingReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlValidatingReader;get_Encoding;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;get_LocalName;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;get_Name;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;get_NameTable;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;get_Prefix;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlValidatingReader;get_LocalName;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlValidatingReader;get_Name;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlValidatingReader;get_NameTable;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlValidatingReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlValidatingReader;get_Prefix;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlValidatingReader;get_Reader;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlValidatingReader;get_SchemaType;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlValidatingReader;get_Schemas;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;get_Value;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlValidatingReader;get_Value;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlValidatingReader;get_XmlLang;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlValidatingReader;remove_ValidationEventHandler;(System.Xml.Schema.ValidationEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
 | System.Xml;XmlWhitespace;CloneNode;(System.Boolean);Argument[this];ReturnValue;taint;df-generated |
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
index 732da8be8d23..f88618cfa59d 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
@@ -16514,8 +16514,6 @@
 | System.Xml;XmlNodeChangedEventHandler;BeginInvoke;(System.Object,System.Xml.XmlNodeChangedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
 | System.Xml;XmlNodeList;Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlNodeList;get_ItemOf;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;df-generated |
-| System.Xml;XmlNodeReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;dfc-generated |
 | System.Xml;XmlNodeReader;XmlNodeReader;(System.Xml.XmlNode);Argument[0].Element;Argument[this];taint;df-generated |
 | System.Xml;XmlNotation;get_PublicId;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlNotation;get_SystemId;();Argument[this];ReturnValue;taint;df-generated |
@@ -16550,60 +16548,56 @@
 | System.Xml;XmlReader;Create;(System.String,System.Xml.XmlReaderSettings);Argument[0];ReturnValue;taint;manual |
 | System.Xml;XmlReader;Create;(System.String,System.Xml.XmlReaderSettings,System.Xml.XmlParserContext);Argument[0];ReturnValue;taint;manual |
 | System.Xml;XmlReader;Create;(System.Xml.XmlReader,System.Xml.XmlReaderSettings);Argument[0];ReturnValue;taint;manual |
-| System.Xml;XmlReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;GetValueAsync;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated |
+| System.Xml;XmlReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;GetValueAsync;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-manual |
 | System.Xml;XmlReader;MoveToAttribute;(System.String);Argument[0];Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];Argument[1];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsBase64Async;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsBinHexAsync;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsObject;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadContentAsStringAsync;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadContentAsBase64Async;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadContentAsBinHexAsync;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadContentAsObject;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadContentAsObjectAsync;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadContentAsStringAsync;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
 | System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];Argument[1];taint;df-generated |
 | System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String);Argument[this];Argument[1];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsBase64Async;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsBinHexAsync;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsObject;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsObject;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementContentAsString;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementString;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadElementString;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadInnerXml;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadOuterXml;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadString;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;ReadSubtree;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Item;(System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Item;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_LocalName;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Name;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_NameTable;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Prefix;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_SchemaInfo;();Argument[this];ReturnValue;value;dfc-generated |
+| System.Xml;XmlReader;ReadElementContentAs;(System.Type,System.Xml.IXmlNamespaceResolver,System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementContentAsAsync;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsBase64Async;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsBinHexAsync;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadElementContentAsObject;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementContentAsObject;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementContentAsString;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementContentAsString;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementString;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementString;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadElementString;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadInnerXml;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadInnerXmlAsync;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlReader;ReadOuterXml;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadOuterXmlAsync;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadSubtree;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Item;(System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Item;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_LocalName;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Name;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_NameTable;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_NamespaceURI;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_Prefix;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;get_SchemaInfo;();Argument[this];ReturnValue;value;dfc-manual |
 | System.Xml;XmlReader;get_Settings;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlReader;get_Value;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlReader;get_Value;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;get_XmlLang;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlReaderSettings;add_ValidationEventHandler;(System.Xml.Schema.ValidationEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
 | System.Xml;XmlReaderSettings;remove_ValidationEventHandler;(System.Xml.Schema.ValidationEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
@@ -16620,8 +16614,6 @@
 | System.Xml;XmlSecureResolver;GetEntityAsync;(System.Uri,System.String,System.Type);Argument[0];ReturnValue.Property[System.Threading.Tasks.Task`1.Result];taint;dfc-generated |
 | System.Xml;XmlText;SplitText;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlTextReader;GetRemainder;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;dfc-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.String);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];taint;dfc-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.Stream,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];value;dfc-generated |
@@ -16629,11 +16621,7 @@
 | System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];taint;dfc-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
 | System.Xml;XmlTextReader;XmlTextReader;(System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._nameTable];value;dfc-generated |
-| System.Xml;XmlTextReader;get_BaseURI;();Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];ReturnValue;value;df-generated |
-| System.Xml;XmlTextReader;get_BaseURI;();Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];ReturnValue;value;dfc-generated |
 | System.Xml;XmlTextReader;get_Encoding;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;get_NameTable;();Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._nameTable];ReturnValue;value;df-generated |
-| System.Xml;XmlTextReader;get_NameTable;();Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._nameTable];ReturnValue;value;dfc-generated |
 | System.Xml;XmlTextReader;set_XmlResolver;(System.Xml.XmlResolver);Argument[0];Argument[this];taint;df-generated |
 | System.Xml;XmlTextWriter;WriteDocType;(System.String,System.String,System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextWriter._textWriter];taint;df-generated |
 | System.Xml;XmlTextWriter;WriteDocType;(System.String,System.String,System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextWriter._textWriter];taint;dfc-generated |
@@ -16664,8 +16652,6 @@
 | System.Xml;XmlTextWriter;get_BaseStream;();Argument[this].SyntheticField[System.Xml.XmlTextWriter._textWriter].Property[System.IO.StreamWriter.BaseStream];ReturnValue;value;dfc-generated |
 | System.Xml;XmlUrlResolver;GetEntity;(System.Uri,System.String,System.Type);Argument[0].Property[System.Uri.LocalPath];ReturnValue;taint;dfc-generated |
 | System.Xml;XmlUrlResolver;set_Proxy;(System.Net.IWebProxy);Argument[0];Argument[this];taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;df-generated |
-| System.Xml;XmlValidatingReader;ReadString;();Argument[this].Property[System.Xml.XmlReader.Value];ReturnValue;taint;dfc-generated |
 | System.Xml;XmlValidatingReader;ReadTypedValue;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlValidatingReader;XmlValidatingReader;(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
 | System.Xml;XmlValidatingReader;XmlValidatingReader;(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |

From 5cd30f023c033938af7b90c4d2989066114ad5eb Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Wed, 27 Aug 2025 14:33:16 +0200
Subject: [PATCH 5/8] C#: Add some XmlTextReader models.

---
 csharp/ql/lib/ext/System.Xml.model.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/csharp/ql/lib/ext/System.Xml.model.yml b/csharp/ql/lib/ext/System.Xml.model.yml
index 75179decf600..2839461846bd 100644
--- a/csharp/ql/lib/ext/System.Xml.model.yml
+++ b/csharp/ql/lib/ext/System.Xml.model.yml
@@ -126,3 +126,21 @@ extensions:
       - ["System.Xml", "XmlReader", True, "get_Prefix", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
       - ["System.Xml", "XmlReader", True, "get_SchemaInfo", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-manual"]
       - ["System.Xml", "XmlReader", True, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
+      - ["System.Xml", "XmlTextReader", True, "GetNamespacesInScope", "(System.Xml.XmlNamespaceScope)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", True, "GetRemainder", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", True, "ReadBase64", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", True, "ReadBinHex", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", True, "ReadChars", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.IO.Stream,System.Xml.XmlNameTable)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.IO.TextReader)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.IO.TextReader,System.Xml.XmlNameTable)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.String,System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.String,System.IO.Stream,System.Xml.XmlNameTable)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.String,System.IO.TextReader)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.String,System.IO.TextReader,System.Xml.XmlNameTable)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.String,System.Xml.XmlNameTable)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Xml", "XmlTextReader", False, "XmlTextReader", "(System.Xml.XmlNameTable)", "", "Argument[0]", "Argument[this]", "taint", "manual"]

From 525c0952878975baa55e36b2a461093259bd83bb Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Wed, 27 Aug 2025 14:40:43 +0200
Subject: [PATCH 6/8] C#: Update expected test output.

---
 .../dataflow/library/FlowSummaries.expected   | 27 ++++++++++++-------
 .../library/FlowSummariesFiltered.expected    | 26 ++++++++++++------
 2 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
index bf5972026bfb..f62716273ea3 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -21436,24 +21436,33 @@ summary
 | System.Xml;XmlTextReader;GetAttribute;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlTextReader;GetAttribute;(System.String);Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlTextReader;GetAttribute;(System.String,System.String);Argument[this];ReturnValue;taint;df-manual |
-| System.Xml;XmlTextReader;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;GetRemainder;();Argument[this];ReturnValue;taint;df-generated |
+| System.Xml;XmlTextReader;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;GetRemainder;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlTextReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated |
 | System.Xml;XmlTextReader;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-manual |
 | System.Xml;XmlTextReader;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlTextReader;MoveToAttribute;(System.String);Argument[0];Argument[this];taint;df-generated |
+| System.Xml;XmlTextReader;ReadBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;ReadBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;ReadChars;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlTextReader;ReadContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlTextReader;ReadContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlTextReader;ReadElementContentAsBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlTextReader;ReadElementContentAsBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlTextReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
-| System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];taint;dfc-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.Stream,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];value;dfc-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.TextReader,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];value;dfc-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];taint;dfc-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._nameTable];value;dfc-generated |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.TextReader);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.TextReader,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.Stream);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.Stream,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.TextReader);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.TextReader,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
 | System.Xml;XmlTextReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlTextReader;get_Encoding;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlTextReader;get_LocalName;();Argument[this];ReturnValue;taint;df-manual |
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
index f88618cfa59d..55ecf4eafef2 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
@@ -16613,14 +16613,24 @@
 | System.Xml;XmlSecureResolver;GetEntityAsync;(System.Uri,System.String,System.Type);Argument[0];ReturnValue.Property[System.Threading.Tasks.Task`1.Result];taint;df-generated |
 | System.Xml;XmlSecureResolver;GetEntityAsync;(System.Uri,System.String,System.Type);Argument[0];ReturnValue.Property[System.Threading.Tasks.Task`1.Result];taint;dfc-generated |
 | System.Xml;XmlText;SplitText;(System.Int32);Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;GetRemainder;();Argument[this];ReturnValue;taint;df-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];taint;dfc-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.Stream,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];value;dfc-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.TextReader,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];value;dfc-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._reportedBaseUri];taint;dfc-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[2];Argument[this];taint;df-generated |
-| System.Xml;XmlTextReader;XmlTextReader;(System.Xml.XmlNameTable);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextReader._impl].SyntheticField[System.Xml.XmlTextReaderImpl._nameTable];value;dfc-generated |
+| System.Xml;XmlTextReader;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;GetRemainder;();Argument[this];ReturnValue;taint;manual |
+| System.Xml;XmlTextReader;ReadBase64;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;ReadBinHex;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;ReadChars;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.Stream,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.TextReader);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.IO.TextReader,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.Stream);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.Stream,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.TextReader);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.IO.TextReader,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.String,System.Xml.XmlNodeType,System.Xml.XmlParserContext);Argument[0];Argument[this];taint;manual |
+| System.Xml;XmlTextReader;XmlTextReader;(System.Xml.XmlNameTable);Argument[0];Argument[this];taint;manual |
 | System.Xml;XmlTextReader;get_Encoding;();Argument[this];ReturnValue;taint;df-generated |
 | System.Xml;XmlTextReader;set_XmlResolver;(System.Xml.XmlResolver);Argument[0];Argument[this];taint;df-generated |
 | System.Xml;XmlTextWriter;WriteDocType;(System.String,System.String,System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Xml.XmlTextWriter._textWriter];taint;df-generated |

From aa8a72d6396d917582a3cc0870fdc04d0b6c2564 Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Tue, 26 Aug 2025 13:59:36 +0200
Subject: [PATCH 7/8] C#: Add change-note.

---
 csharp/ql/lib/change-notes/2025-08-26-xmlreader-models.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 csharp/ql/lib/change-notes/2025-08-26-xmlreader-models.md

diff --git a/csharp/ql/lib/change-notes/2025-08-26-xmlreader-models.md b/csharp/ql/lib/change-notes/2025-08-26-xmlreader-models.md
new file mode 100644
index 000000000000..9702be7e3b3e
--- /dev/null
+++ b/csharp/ql/lib/change-notes/2025-08-26-xmlreader-models.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added summary models for `System.Xml.XmlReader`, `System.Xml.XmlTextReader` and `System.Xml.XmlDictionaryReader`.

From 55dd098307507a9393ee78ec533c7f55cb85ea11 Mon Sep 17 00:00:00 2001
From: Michael Nebel <michaelnebel@github.com>
Date: Mon, 1 Sep 2025 15:40:58 +0200
Subject: [PATCH 8/8] C#: Address review comments.

---
 csharp/ql/lib/ext/System.Xml.model.yml                      | 6 +++---
 .../library-tests/dataflow/library/FlowSummaries.expected   | 2 ++
 .../dataflow/library/FlowSummariesFiltered.expected         | 2 ++
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/csharp/ql/lib/ext/System.Xml.model.yml b/csharp/ql/lib/ext/System.Xml.model.yml
index 2839461846bd..a6ed8dd465d5 100644
--- a/csharp/ql/lib/ext/System.Xml.model.yml
+++ b/csharp/ql/lib/ext/System.Xml.model.yml
@@ -30,7 +30,7 @@ extensions:
       - ["System.Xml", "XmlDictionaryReader", False, "CreateTextReader", "(System.IO.Stream,System.Xml.XmlDictionaryReaderQuotas)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBase64", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-      - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint",  "manual"]
+      - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsBinHex", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsChars", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
       - ["System.Xml", "XmlDictionaryReader", True, "ReadElementContentAsBase64", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlDictionaryReader", True, "ReadElementContentAsBinHex", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
@@ -113,8 +113,8 @@ extensions:
       - ["System.Xml", "XmlReader", True, "ReadOuterXmlAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System.Xml", "XmlReader", True, "ReadString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
       - ["System.Xml", "XmlReader", True, "ReadSubtree", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
-      - ["System.Xml", "XmlReader", True, "ReadValueChunk", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
-      - ["System.Xml", "XmlReader", True, "ReadValueChunkAsync", "()", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadValueChunk", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
+      - ["System.Xml", "XmlReader", True, "ReadValueChunkAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
       - ["System.Xml", "XmlReader", True, "get_BaseURI", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
       - ["System.Xml", "XmlReader", True, "get_Item", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
       - ["System.Xml", "XmlReader", True, "get_Item", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
index f62716273ea3..36e23003fcc2 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -21382,6 +21382,8 @@ summary
 | System.Xml;XmlReader;ReadOuterXmlAsync;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;ReadSubtree;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadValueChunk;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadValueChunkAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;get_Item;(System.String);Argument[this];ReturnValue;taint;df-manual |
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
index 55ecf4eafef2..25ac85e95485 100644
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
@@ -16586,6 +16586,8 @@
 | System.Xml;XmlReader;ReadOuterXmlAsync;();Argument[this];ReturnValue;taint;manual |
 | System.Xml;XmlReader;ReadString;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;ReadSubtree;();Argument[this];ReturnValue;taint;df-manual |
+| System.Xml;XmlReader;ReadValueChunk;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
+| System.Xml;XmlReader;ReadValueChunkAsync;(System.Char[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual |
 | System.Xml;XmlReader;get_BaseURI;();Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-manual |
 | System.Xml;XmlReader;get_Item;(System.String);Argument[this];ReturnValue;taint;df-manual |